
Active Directory - working with users, groups and organizational units (WS 2008)


Probably the most noticeable part of Active Directory administration is managing objects and resources within the Users and Computers snap-in.

The Users and Computers MMC snap-in enables you to create and manage objects like Users, Groups, Contacts, Computers and organizational units (OUs). A user is an object that represents a real person, with rights to access specific resources and with attributes such as personal data. Multiple users can be placed in a group, which allows easier administration of a larger number of users by managing only one group.

Although users, groups and other objects are pretty self-explanatory, organizational units (OUs) can be thought of as folders on a file system. By putting a user or resource in an OU, a sysadmin can control who has administrative authority over that user or resource. In other words, for specific resources, the Administrator can delegate portions of administrative authority to subadministrators.

A user can be a member of many groups but can only reside in one OU - just as a file can reside only in one folder. 


    Accessing Users and Computers snap-in
The Users and Computers snap-in can be started by going to Start > Programs > Administrative Tools > Active Directory Users and Computers, or simply by entering "dsa.msc" at the Run prompt:

[Screenshot: Server manager]

From the Users and Computers snap-in we can create and manage objects like Users, Groups, Contacts, Computers and organizational units (OUs):

[Screenshot: Roles wizard]

If an Exchange email server is installed in the domain, the setup wizard automatically extends the functionality of the Active Directory Users and Computers snap-in to include Exchange-specific tasks. The nice thing is that everything can be administered from one place:

[Screenshot: Roles wizard]

    Creating a new domain user
From the Users and Computers snap-in, a new domain user can be created by right-clicking on the default Users folder:

[Screenshot: Creating new domain user]

Once New > User is selected from the context menu, the user's data such as username and email address can be entered (if Exchange server is properly implemented and configured, there is no need to create a separate email account, since it will be created automatically if entered):

[Screenshot: Creating new domain user]

From the user's properties, on the Member Of tab, it is possible to add the user to a group. Be careful when promoting a user to Domain Administrator - this user has absolute power in the domain:

[Screenshot: Creating new domain user]

Complete the creation of the new user by entering the user's password:

[Screenshot: Creating new domain user]

(Also, as a good security practice, it is wise to set up a password expiration policy for the whole domain, so that users must change their password every 2-3 months or so.)
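The same steps can be scripted, which also makes the Domain Admins review and the password expiration check repeatable. This is an added example, not part of the original post. It assumes the ActiveDirectory PowerShell module (shipped with Windows Server 2008 R2 and later, or RSAT), and the OU `Staff`, the user `jdoe` and the group `Helpdesk` are hypothetical placeholders:

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Assumes the ActiveDirectory module; OU, user and group names are placeholders.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName      # for example DC=example,DC=local
$dnsRoot  = $domain.DNSRoot

# 1. Create an OU so that authority over its users can be delegated separately.
$ouName = 'Staff'                          # hypothetical OU name
$ouDN   = "OU=$ouName,$domainDN"
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDN -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN
}

# 2. Create the user in that OU. The password is prompted for, never stored
#    in the script, and must be changed at first logon.
$password = Read-Host -AsSecureString -Prompt 'Initial password for jdoe'
New-ADUser -Name 'John Doe' -GivenName 'John' -Surname 'Doe' `
    -SamAccountName 'jdoe' -UserPrincipalName "jdoe@$dnsRoot" `
    -Path $ouDN -AccountPassword $password `
    -ChangePasswordAtLogon $true -Enabled $true

# 3. Add the user to an ordinary group (assumed to exist already).
Add-ADGroupMember -Identity 'Helpdesk' -Members 'jdoe'

# 4. Review who holds Domain Admins, including members of nested groups.
#    Every account listed here has full control of the domain.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object Name, SamAccountName, objectClass

# 5. Inspect the domain-wide password policy, then set expiration to 90 days.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object MaxPasswordAge, MinPasswordLength, ComplexityEnabled
Set-ADDefaultDomainPasswordPolicy -Identity $dnsRoot `
    -MaxPasswordAge (New-TimeSpan -Days 90)
```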
